Study shows 93% of attempted mobile transactions were fraudulent

A total of
93% of total mobile transactions in 20 countries were blocked as fraudulent in
2019, according to a report on the state of malware and mobile ad fraud
released by mobile technology company, Upstream.

The Invisible
Digital Threat data is based on deployments of Upstream’s
Secure-D full-stack anti-fraud platform that that detects and blocks fraudulent
mobile transactions mostly originated from ad fraud malware. The platform at
the end of 2019 covered 31 mobile operators in 20 countries.

In the
markets examined, Upstream’s security platform processed 1.71 billion mobile transactions and
blocked 1.6 billion of them as fraudulent, a staggering 93% of total
transactions. It is estimated that left unchecked these transactions would have
cost users US$2.1bn in unwanted charges. For the
industry, losses from online, mobile and in-app advertising reached US$42
billion in 2019 and are expected to reach US$100 billion by 2023.

The number of
malicious apps discovered by Secure-D last year rose to 98,000, up from 63,000
in 2018. These 98,000 malicious apps had infected 43 million Android
devices.

With Android
devices now accounting for an estimate 75 to 85% of all smartphone sales
worldwide, Android is by far the most dominant mobile operating system (OS). At
the same time, it is the most vulnerable due to its open nature, making it a
favourite playground for fraudsters.

While, as
mentioned in the Secure-D report, it is always a good rule of thumb for
consumers to only download mobile applications from Google’s official
storefront, Google Play, thanks to its scale and set up, rogue apps are still
getting through its defences. Of the top 100 most active malicious apps that
were blocked in 2019, 32% are reported still available to download on Google
Play. A further 19% of the worst-offending apps were previously on Google Play
but have since been removed, while the remaining apps are available through
third-party app stores.

Fraudsters appear to target some app categories more than others. Ironically, apps designed to make a device function better and make everyday life easier are the ones most likely to be harmful with 22.32% of malicious apps for 2019 falling under the tools/personalisation/productivity category globally. The next most popular categories cybercriminals target are games (18.97%) and entertainment/shopping (15.76%). Indicating scale, in the course of only a few months in 2019, Secure-D reported on the suspicious background activity of five very popular Android apps: 4shared, a popular file-sharing app; Vidmate, a video downloader; Weather Forecast a preinstalled app on Alcatel devices; Snaptube, another video and audio app; and ai.type, an on-screen keyboard app.

With a total
of nearly 700 million downloads, these were or had been at some point
available on Google Play. In these five cases alone, Secure-D detected and
blocked 353 million suspicious mobile transactions preventing US$430 million in
fraudulent charges.

Dimitris
Maniatis, CEO of Upstream, said: “Mobile ad fraud is a criminal enterprise on a
massive scale. Though it may seem that it is only targeted at advertisers, it
greatly affects the whole mobile ecosystem. Most importantly it adversely
impacts consumers; eating up their data allowance, bringing unwanted charges,
messing with the performance of their device and even targeting and collecting
their personal data.

“It is more
than an invisible threat, it is an epidemic, calling for increased mobile
security that urgently needs to rise up in the industry’s priority list. Left
unchecked, ad fraud will choke mobile advertising, erode trust in operators and
lead to higher tariffs for users’’.

The effects
of mobile ad fraud are particularly damaging in emerging markets where data
costs are significantly higher. As evidenced from detailed data presented from
five such markets including Brazil and South Africa fraud rates in most cases
exceed the 90% mark.

As Upstream’s
report highlights consumers in emerging markets are more vulnerable to digital
fraud; they are unaware of the dangers as they often go online for the first
time via their mobile devices and data depletion caused by malware has a much
greater effect on them due to the high cost of data in their countries. In
Africa, 1 GB of data costs prepaid mobile subscribers the equivalent of 16
hours of work at minimum wage.

“Something
that the whole industry, surprisingly, lacks. With all indicators pointing that
its value will grow in the hundreds of billions in the next three years, we
cannot afford to remain idle. This is the main reason we steadily and openly
share all our findings with the whole community.”

“Mobile ad
fraud remains a hidden threat for most consumers. It usually goes undetected
and is not high on people’s agendas when choosing apps. However, as the industry
delays its response, consumers should take steps to stay safe from mobile ad
fraud this year. For example, by using anti-malware services like Play Protect,
by only downloading from the official Play store after checking reviews
carefully and keeping a close check on bills for unwanted subscriptions or
charges.”

GET INTELLIGENT CIO NEWS DELIVERED TO YOUR INBOX

ABOUT INTELLIGENT CIO

Intelligent CIO Africa is a technology intelligence platform aimed at the enterprise IT sector to provide targeted updates and research driven data. As part of Lynchpin Media, this digital medium gives unparalleled advice to the regional community.